{"id":362444,"date":"2020-08-04T09:31:49","date_gmt":"2020-08-04T07:31:49","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=362444"},"modified":"2020-08-04T09:34:15","modified_gmt":"2020-08-04T07:34:15","slug":"microsoft-google-and-red-hat-partner-to-create-the-open-source-security-foundation","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/362444-microsoft-google-and-red-hat-partner-to-create-the-open-source-security-foundation.html","title":{"rendered":"Microsoft, Google, and Red Hat partner to create the Open Source Security Foundation"},"content":{"rendered":"

Microsoft has announced<\/strong><\/a> a collaboration with several industry partners to create the Open Source Security Foundation (OpenSSF) – a new cross-industry initiative to improve the security of open source software.<\/p>\n

Hosted at the Linux Foundation, OpenSSF was founded in partnership with Google, Red Hat, IBM, NCC Group, and OWASP, as well as Microsoft-owned GitHub.<\/p>\n

Microsoft Azure CTO Mark Russinovich said\u00a0 OpenSSF brings together work from the Linux Foundation-initiated Core Infrastructure Initiative (CII), GitHub-initiated Open Source Security Coalition (OSSC), and other open source security efforts.<\/p>\n

It aims to build a broader open source software security community, targeted initiatives, and best practices.<\/p>\n

Russinovich said that open source software is core to nearly every company’s technology strategy and securing it is an essential part of securing supply chains, including Microsoft’s own.<\/p>\n

Since it is inherently community-driven, there is no central authority responsible for quality and maintenance of open source code, and since it can be copied and cloned, versioning and dependencies are particularly complex.<\/p>\n

“With the ubiquity of open source software, attackers are currently exploiting vulnerabilities across a wide range of critical services and infrastructure, including utilities, medical equipment, transportation, government systems, traditional software, cloud services, hardware, and IoT,” he said.<\/p>\n

“Open source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming maintainers of projects and introducing malware.”<\/p>\n

“Given the complexity and communal nature of open source software, building better security must also be a community-driven process,” Russinovich said.<\/p>\n

Microsoft will bring several of its own current open source security initiatives under the OpenSSF umbrella as part of its involvement.<\/p>\n

Microsoft embraces open source<\/h3>\n

Microsoft’s support of open source software has caught many by surprise given the company’s former opposition towards the paradigm.<\/p>\n

During the first four decades of its existence, from the 1970s through the 2000s, Microsoft viewed free and open source software as a threat to its business.<\/p>\n

Back in 2001, former Microsoft CEO Steve Ballmer labelled Linux “a cancer that attaches itself in an intellectual property sense to everything it touches\u201d.<\/p>\n

However, this started to change when Microsoft joined the Linux Foundation as a high-paying Platinum member in 2016.<\/p>\n

This may have been brought about by the realisation that growing technologies such as the Cloud will rely on open source software solutions.<\/p>\n

Recently, Microsoft president Brad Smith admitted that the company was “on the wrong side of history when open source exploded at the beginning of the century”.<\/p>\n

The company has in recent years open-sourced many of its applications – including Microsoft’s original JavaScript engine, PowerShell, and Visual Studio Code.<\/p>\n

The May 2020 Windows 10 Update shipped with Windows Subsystem for Linux 2 (WSL2), a custom-built Linux kernel which allows for easy integration of Linux distros and files within file explorer.<\/p>\n

Microsoft has also partnered with Mark Shuttleworth’s Canonical to bring Ubuntu to Windows 10.<\/p>\n

Now read: SensePost rebrands to Orange Cyberdefense<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"

Microsoft has announced a collaboration with several industry partners to create the Open Source Security Foundation (OpenSSF).<\/p>\n","protected":false},"author":341042,"featured_media":242088,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[11253,167,835,123,65982,7679,17540,46964],"class_list":["post-362444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-github","tag-google","tag-ibm","tag-microsoft","tag-ncc-group","tag-open-source-software","tag-red-hat","tag-the-linux-foundation"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/362444"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341042"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=362444"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/362444\/revisions"}],"predecessor-version":[{"id":362478,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/362444\/revisions\/362478"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/242088"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=362444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=362444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=362444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}